﻿using System;
using System.Data;



using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security.Tokens;


namespace IncubatorServices
{
    public static class Security
    {

        public static int verifyUser(string username, string password)
        {
            //returns 0 if user does not exist, -1 if password is incorrect, returns user id otherwise
            sqlManager sql = new sqlManager();
            DataSet passds = sql.GetDataSet("SELECT id, password, hash FROM users WHERE username = '" + username + "'");
            if (passds.Tables[0].Rows.Count < 1)
                return 0;
            if (passds.Tables[0].Rows[0]["password"].ToString() != password)
                return -1;
            int id = (int)passds.Tables[0].Rows[0]["id"];

            return id;
            //TODO: use MD5 to hash password + hash together

        }
        public static bool isAdmin()
        {
            string username = "";
            //string password = "";
            foreach (SecurityToken tok in RequestSoapContext.Current.Security.Tokens)
            {
                if (tok is UsernameToken)
                {
                    username = ((UsernameToken)tok).Username;
                    //password = ((UsernameToken)tok).Password;
                }
            }
            User u = new User();
            u.LoadUserByName(username);
            return (u.role_id == 1);
        }
        public static bool isRegUser()
        {
            string username = "";
            //string password = "";
            foreach (SecurityToken tok in RequestSoapContext.Current.Security.Tokens)
            {
                if (tok is UsernameToken)
                {
                    username = ((UsernameToken)tok).Username;
                    //password = ((UsernameToken)tok).Password;
                }
            }
            return (username == "registration");
        }
    }
}